Field
Embodiments of the invention generally relate to techniques for securely using a PIN to authenticate a user accessing encrypted data on a computing device, which would otherwise only be accessible using a long and complex password.
Description of the Related Art
Protecting access to user data is a well-known issue in a broad variety of contexts. For example, it is common for computing applications to require users to provide a username and password. As more computing applications are accessed in a distributed manner, e.g., by accessing applications hosted in cloud-based environments, simple passwords frequently provide inadequate security. That is, passwords suffer from a number of known drawbacks. For example, passwords may be forgotten, guessed, or otherwise disclosed or obtained. Further, as computing devices have proliferated from standalone desktop systems to a variety of internetworked devices such as laptops, tablets, mobile telephones, gaming consoles, etc., the amount of sensitive data stored on computing systems and across computer networks has grown accordingly.
As is well known, security mechanisms used to protect data frequently come at the expense of convenience. That is, typically, systems that provide high degrees of security are inconvenient and systems that are convenient are usually insecure. For example, applications used to secure sensitive data on a mobile device (e.g., passwords, account numbers, etc.) typically require users to supply a complex password to store or access sensitive data. Such applications may enforce rules to ensure that a password has minimum strength (i.e., by requiring mixed case, numbers, use of special characters, minimum length, etc.). The resulting passwords can be inconvenient for users to enter on mobile devices (e.g., computing tablets and smart phones), which have smaller keyboards and screens.
While a complex password may be effective at protecting access to data or applications, it can be cumbersome for users to enter on the keyboard of a mobile device. Furthermore, mobile devices frequently allow only a single application to run in the foreground. On such devices, a mobile operating system can kill background applications to conserve memory/power for a foreground application or other higher priority tasks. As a result, when switching between applications, a user may be prompted to enter a complex password repeatedly to access data.
At the same time, storing sensitive information such as passwords, credit card numbers, account numbers, digital certificates and keys, etc., is highly convenient. Further, as the amount of such sensitive information grows and applications that require strong security mechanisms (e.g., mobile payment systems) become more common, the need to protect sensitive information stored on mobile devices will continue to expand.